Thanks for the tip. This script seems similar to the one used by Rapid7 to integrate Nexpose with Sourcefire. Meanwhile I have contacted Greenbone technical sales and they informed me that I should contact Cisco regarding the connector.

> On 17/08/2016, at 16:36, Eero Volotinen <[email protected]> wrote:
>
> If your company is willing to pay, it should be simple to port this Nessus
> open source connector to OpenVAS.
>
> https://supportforums.cisco.com/document/12305426/nessus-report-upload-tool-host-input-api
>
> Eero
>
> 2016-08-17 17:18 GMT+03:00 Fábio Fernandes <[email protected]>:
> I think there is no documentation for OpenVAS on the site; they advise using
> the Greenbone Security Manual.
> Is the lack of the program greenbone_sourcefire_connector a reason to submit
> a bug report?
>
>> On 17/08/2016, at 15:15, Eero Volotinen <[email protected]> wrote:
>>
>> You are free to submit fixes to documentation ;)
>>
>> Eero
>>
>> 2016-08-17 16:39 GMT+03:00 Fábio Fernandes <[email protected]>:
>> It would be nice if they mentioned what works and what does not in the
>> free version. I spent a lot of time for nothing probably :( .
>> It would be nice if someone with the Greenbone paid version could confirm
>> that the connector exists or the greenbone_sourcefire_connector program.
>>
>>> On 17/08/2016, at 14:03, Eero Volotinen <[email protected]> wrote:
>>>
>>> I think that is the normal way that open source works. You usually need to pay
>>> for more advanced features like this ;)
>>>
>>> Eero
>>>
>>> 2016-08-17 16:01 GMT+03:00 Fábio Fernandes <[email protected]>:
>>> That is what I think too. But it's strange that it appears in the free
>>> version and in the INSTALL file of the free version it looks like they use
>>> the same version but leave some internal components out or maybe they
>>> forgot to put it there because it is a feature not used normally by first
>>> time users. Anyway it would be nice if someone with the Greenbone paid
>>> version could confirm this.
>>>
>>>> On 17/08/2016, at 12:22, Eero Volotinen <[email protected]> wrote:
>>>>
>>>> I think it's only available in the commercial Greenbone version.
>>>>
>>>> So, you should buy Greenbone to get the connector.
>>>>
>>>> --
>>>> Eero
>>>>
>>>> 2016-08-17 13:55 GMT+03:00 Fábio Fernandes <[email protected]>:
>>>> Strange. If you go to OpenVAS menu Configurations->Alerts and create a new
>>>> Alert you see an option that says Sourcefire Connector and the
>>>> configuration fields for it; maybe it is not fully implemented.
>>>> Another strange thing, as I said in the first post, is that in the INSTALL
>>>> file in the OpenVAS Manager source code it says that it has a Sourcefire
>>>> Connector but in order for it to work it needs a program that I cannot
>>>> find anywhere.
>>>>
>>>> …
>>>> Prerequisites for Sourcefire Connector alert:
>>>> * A program in the PATH called greenbone_sourcefire_connector that takes args
>>>>   IP, port, PKCS12 file and report file in Sourcefire format.
>>>> …
>>>>
>>>> I would like to find this program as I think it is the only thing I need
>>>> to get it working.
>>>>
>>>>> On 17/08/2016, at 08:07, Eero Volotinen <[email protected]> wrote:
>>>>>
>>>>> Well, there is no Sourcefire connector for OpenVAS. The only supported format
>>>>> is the Sourcefire report that you can manually import to the Sourcefire system.
>>>>>
>>>>> ref:
>>>>> https://svn.wald.intevation.org/svn/openvas/trunk/openvas-manager/report_formats/sourcefire/generate
>>>>> (source)
>>>>>
>>>>> Eero
>>>>>
>>>>> 2016-08-17 5:50 GMT+03:00 Fábio Fernandes <[email protected]>:
>>>>> I think it is supported because it has a specific alert for it and
>>>>> Greenbone appliances use the same version that is available. If it was
>>>>> not supported, why would there be an alert for it and why was the connector
>>>>> mentioned in the INSTALL file?
>>>>>
>>>>> > I think it is not supported on OpenVAS.
>>>>> >
>>>>> > Eero
>>>>> >
>>>>> >
>>>>> > On 16.8.2016 at 7.59 PM, "Fábio Fernandes" <[email protected]> wrote:
>>>>> > I have been trying to integrate OpenVAS with Sourcefire for some time
>>>>> > now without success. I have seen in these threads
>>>>> > http://lists.wald.intevation.org/pipermail/openvas-discuss/2012-October/004602.html,
>>>>> > http://lists.wald.intevation.org/pipermail/openvas-discuss/2012-December/004771.html
>>>>> > that when we import the Sourcefire report format from
>>>>> > http://greenbone.net/technology/report_formats.de.html it returns an
>>>>> > HTTP 500 error. I have solved this issue by downloading the source code
>>>>> > and retrieving the Sourcefire report format files and changing them to
>>>>> > support gpg signatures that OpenVAS 8 uses. Next I generated gpg keys
>>>>> > in the OpenVAS homedir and imported the files create_report_import,
>>>>> > sourcefire.xsl, and generate to the OpenVAS machine and ran
>>>>> > create_report_import. That generated the correct sourcefire.xml that I
>>>>> > imported to OpenVAS GSA without error and then I changed the status to
>>>>> > active. After that I scanned a target and saved the report in
>>>>> > Sourcefire format and it was correct. (I tested this in Ubuntu, Kali,
>>>>> > and CentOS versions and for some reason there seems to be a bug in the
>>>>> > CentOS version because the report saved is empty with 0KB but it works
>>>>> > for the other versions.) After that I tested the connection from the
>>>>> > OpenVAS machine to the Sourcefire DC 8307 port and it was open,
>>>>> > generated the pkcs12 file in the Sourcefire DC for OpenVAS with the
>>>>> > correct IP, created the respective Alert with the Sourcefire IP and the
>>>>> > pkcs12 certificate file. Ran a scan and nothing happened; even
>>>>> > listening with tcpdump there was no connection made and the OpenVAS
>>>>> > Manager log (raised to level 128) presented the following lines:
>>>>> >
>>>>> > event task:MESSAGE:2016-08-16 16h17.09 UTC:23869: Status of task cyberwatch (b243b1b7-da5c-40fd-b047-59b3ce3fe38b) has changed to Requested
>>>>> > event task:MESSAGE:2016-08-16 16h17.09 UTC:23869: Task b243b1b7-da5c-40fd-b047-59b3ce3fe38b has been requested to start by admin
>>>>> > event task:MESSAGE:2016-08-16 16h17.12 UTC:23871: Status of task cyberwatch (b243b1b7-da5c-40fd-b047-59b3ce3fe38b) has changed to Running
>>>>> > event task:MESSAGE:2016-08-16 16h57.39 UTC:23871: Status of task cyberwatch (b243b1b7-da5c-40fd-b047-59b3ce3fe38b) has changed to Done
>>>>> > event alert:MESSAGE:2016-08-16 16h57.39 UTC:23871: The alert for task cyberwatch was triggered (Event: Task status changed to 'Done', Condition: Always)
>>>>> >
>>>>> > After that I investigated what happens when an alert is executed and
>>>>> > found out this in the INSTALL file in the OpenVAS Manager source code:
>>>>> >
>>>>> > Prerequisites for Sourcefire Connector alert:
>>>>> > * A program in the PATH called greenbone_sourcefire_connector that takes args
>>>>> >   IP, port, PKCS12 file and report file in Sourcefire format.
>>>>> >
>>>>> > And then found that the Sourcefire alert script is called by the
>>>>> > OpenVAS Manager and this script present in the installation (path:
>>>>> > /usr/share/openvas/openvasmd/global_alert_methods/) executes the
>>>>> > greenbone_sourcefire_connector program from PATH.
>>>>> > I could not find this greenbone_sourcefire_connector program in any of
>>>>> > the OpenVAS versions that I installed or even on the Internet. Does
>>>>> > someone have this file, or does it only exist in the Greenbone Appliances, as
>>>>> > their manual shows how to configure this functionality? Can anybody help
>>>>> > me with this please?
>>>>> >
>>>>> >
>>>>> > _______________________________________________
>>>>> > Openvas-discuss mailing list
>>>>> > [email protected]
>>>>> > https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

_______________________________________________
Openvas-discuss mailing list
[email protected]
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
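
Added example, not part of the thread and not OpenVAS or Greenbone code: a preflight check for the local prerequisites named in the INSTALL excerpt and the first post (connector program on PATH, PKCS12 file, non-empty Sourcefire report), so that an alert which triggers but does nothing can be narrowed down. The function name and message strings are hypothetical, and reachability of port 8307 is not tested.

```shell
#!/bin/sh
# Added example (not from OpenVAS or Greenbone): preflight check for the
# "Sourcefire Connector alert" prerequisites quoted from the INSTALL file.
# Prints one line per problem; prints nothing when everything is in place.

# check_sourcefire_prereqs SEARCH_PATH PKCS12_FILE REPORT_FILE
# SEARCH_PATH should be the PATH seen by the openvasmd process (assumption:
# the alert script inherits the manager's environment), not your login shell's.
check_sourcefire_prereqs() {
    search_path=$1 pkcs12=$2 report=$3
    prog=greenbone_sourcefire_connector   # name given in the INSTALL file
    found=""

    # 1. The connector must be an executable file in one of the PATH entries.
    old_ifs=$IFS
    IFS=:
    for dir in $search_path; do
        if [ -n "$dir" ] && [ -f "$dir/$prog" ] && [ -x "$dir/$prog" ]; then
            found=$dir/$prog
            break
        fi
    done
    IFS=$old_ifs
    [ -n "$found" ] || echo "MISSING: $prog not found in PATH=$search_path"

    # 2. The PKCS12 file must be readable and non-empty; it holds the client
    #    key, so also flag a copy that any local user can read.
    if [ ! -r "$pkcs12" ] || [ ! -s "$pkcs12" ]; then
        echo "MISSING: PKCS12 file $pkcs12 is absent, unreadable or empty"
    elif [ -n "$(find "$pkcs12" -prune -perm -004 2>/dev/null)" ]; then
        echo "WARN: PKCS12 file $pkcs12 is world-readable"
    fi

    # 3. The report must be non-empty (the thread mentions a 0KB report).
    [ -s "$report" ] || echo "MISSING: report file $report is absent or empty"
    return 0
}

# Run against real paths only when three arguments are supplied.
if [ "$#" -eq 3 ]; then
    check_sourcefire_prereqs "$@"
fi
```

Pass the manager's own PATH as the first argument; on Linux it can be read from the running process's environment rather than assumed from an interactive shell.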
